The 'autonomous,' hackable car

Taylor Armerding |
Oct. 10, 2013

Driverless cars are coming, with almost magical convenience features. But experts say they are a long way from secure.

That opens a stunning range of possibilities. Vehicles that are interconnected and not burdened by human error should be able to travel closer together at higher speeds without risk of collisions. Commuters should be able to get in their cars, set the destination and then sit back, have a cup of coffee and do some reading, as if they were riding the train. Your car should be able to find out about heavy traffic on one route, and take you on another that is less congested.

Elders who would otherwise have lost their licenses, and therefore their freedom to drive, would be able to have their vehicles take them safely to any number of destinations — doctor appointments, shopping and social events. Nobody would have to worry about speeding violations. Insurance premiums would go down. And who wouldn't like the error-free version of a designated driver to take them home after a night of hard partying?

But that also illustrates the problem: Cars with such crucial capabilities are not guaranteed "error-free" yet. Kevin Curran, IEEE Senior Member and professor of Computing and Engineering at the University of Ulster, U.K., notes what many of his colleagues note — this kind of connectivity means that, "a breach in one network may cause havoc in another. Hackers could potentially have the ability to affect audio features, disable the vehicle's ignition, override braking systems and infect the software with Trojans and viruses."

"Anything with communication chip on board can be remotely accessed," Curran said in an interview. "Given enough sophistication and the person compromising it having the expertise — there's the worry," he said.

Indeed, earlier this summer, hackers Charlie Miller and Chris Valasek demonstrated their ability to hack into the Electronic Control Units (ECU) of a Toyota Prius and a Ford Escape. They didn't do it remotely, but the message was clear: with the right access, a hacker can take control of a car's fundamental systems — the gas, the brakes, the steering wheel and more.

So, given that this technology is still in its infancy, it would seem that this is an opportunity to build security into the systems from the ground up. But most experts say that wont happen — that history will repeat itself and security will be an afterthought.

The focus instead, Curran said, "will be convenience and features," in part because of, "a lack of people (in development) who specialize in security. It's hard to convince management to spend on security when everything is going fine.

"You may know how easy it is to hack. But how do you convince the boss?" he said.

Stan Kiefer, senior security architect at The Hacker Academy, agrees. "Across many sectors, history has proven even when given the opportunity, security is usually bolted on top of functionality," he said. "Most times, security is not a requirement, its a checklist or test done at the 85-100% mark of engineering."